Congressional Commission Probes HHS Capability to Address Health Sector Ransomware Attacks

The oversight group wants more detailed information on HHS’s cyberdefenses as digital networks for critical infrastructure remain a target for malicious actors.

The bicameral Cyberspace Solarium Commission wants more information on cyber attacks waged against critical healthcare networks.

In a letter addressed to Health and Human Services Secretary Xavier Becerra, Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wisc., are requesting a briefing from Becerra’s office regarding HHS’s current framework for preventing ransomware attacks.

“Ransomware attacks on the HPH [healthcare and public health] sector have skyrocketed in the past two years as opportunistic criminals recognized that hospitals may pay quickly to resolve issues and protect patient safety,” the letter reads. “With cyber threats growing exponentially, we must prioritize addressing the HPH sector’s cybersecurity gaps.”

Some of the concerns the CSC members highlighted include the timely sharing of cyber incident information. To gauge how to scale HHS’s potential cybersecurity needs, King and Gallagher ask for an evaluation of the agency’s organizational structure, which positions oversee cybersecurity implementation, any existing known vulnerabilities, and personnel and budget resources.

“We recognize the important partnership between the executive and legislative branches to properly organize and resource public-private collaboration to protect against cyber threats,” the lawmakers wrote. “Thus, we are requesting a briefing from your office on the status of efforts to strengthen the department’s capabilities as the Sector Risk Management Agency and to operationalize collaboration with the organizations throughout the sector.”

The CSC was first established in 2019 under the John S. McCain National Defense Authorization Act and has been renewed amid greater threats to the digital networks of U.S. critical infrastructure.

HHS did not respond to Nextgov's request for comment. 

The need for more federal action to protect both public and private organizations from cyber and ransomware attacks has spurred greater investments in mitigation strategies. In 2021, President Joe Biden signed his executive order that strengthened federal agencies’ threat detection analysis and incentivized more proactive adjustments. 

The CSC has conducted multiple oversight analyses of federal agencies’ cyber defense systems and issued subsequent best practice recommendations. Its recommendations have been taken into legislative consideration and guide lawmakers in drafting more efficient cybersecurity bills.